RubyGems - CloudyScripts - Versions diffs - 1.7.27 → 1.8.29 - Mend

CloudyScripts 1.7.27 → 1.8.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

data/Rakefile +1 -1
data/lib/audit/benchmark_apache.zip +0 -0
data/lib/audit/benchmark_full.zip +0 -0
data/lib/audit/benchmark_ssh.zip +0 -0
data/lib/audit/checks/benchmark.group +0 -3
data/lib/audit/checks/benchmark.group.apache +3 -0
data/lib/audit/checks/benchmark.group.full +6 -0
data/lib/audit/checks/benchmark.group.ssh +3 -0
data/lib/audit/checks/benchmark.ssh.zip +0 -0
data/lib/audit/lib/audit.rb +7 -7
data/lib/audit/lib/benchmark/audit_benchmark.rb +5 -4
data/lib/audit/lib/benchmark/benchmark_factory.rb +1 -1
data/lib/audit/lib/benchmark/check.rb +2 -2
data/lib/audit/lib/benchmark/group.rb +2 -2
data/lib/audit/lib/benchmark/rule_result.rb +2 -2
data/lib/audit/lib/benchmark/yaml_benchmark.rb +6 -7
data/lib/audit/lib/connection/connection_factory.rb +2 -2
data/lib/audit/lib/connection/ssh_connection.rb +1 -1
data/lib/audit/lib/parser/command/attach_file_command.rb +5 -5
data/lib/audit/lib/parser/command/check_finished_command.rb +3 -3
data/lib/audit/lib/parser/command/cpe_name_command.rb +4 -4
data/lib/audit/lib/parser/command/data_command.rb +5 -5
data/lib/audit/lib/parser/command/listening_port_command.rb +2 -2
data/lib/audit/lib/parser/command/message_command.rb +4 -4
data/lib/audit/lib/parser/command/program_name_command.rb +4 -4
data/lib/audit/lib/parser/script_output_parser.rb +11 -11
data/lib/audit/lib/ssh_fingerprint.rb +2 -2
data/lib/audit/lib/transformers/web_view_transformer.rb +2 -2
data/lib/help/state_transition_helper.rb +60 -3
data/lib/scripts/ec2/audit_via_ssh.rb +150 -0
data/lib/scripts/ec2/ec2_script.rb +1 -1
metadata +176 -157

data/Rakefile CHANGED Viewed

@@ -12,7 +12,7 @@ require 'rake/testtask'
 spec = Gem::Specification.new do |s|
   s.name = 'CloudyScripts'
-  s.version = '1.7.27'
+  s.version = '1.8.29'
   s.has_rdoc = true
   s.extra_rdoc_files = ['README.rdoc', 'LICENSE']
   s.summary = 'Scripts to facilitate programming for infrastructure clouds.'

data/lib/audit/benchmark_apache.zip ADDED Viewed

Binary file

data/lib/audit/benchmark_full.zip ADDED Viewed

Binary file

data/lib/audit/benchmark_ssh.zip ADDED Viewed

Binary file

data/lib/audit/checks/benchmark.group CHANGED Viewed

@@ -1,6 +1,3 @@
 ID: BENCHMARK
 Children:
-   - APACHE2
    - SSH
-   - LYNIS_AUTH
-   - VARIOUS

data/lib/audit/checks/benchmark.group.apache ADDED Viewed

@@ -0,0 +1,3 @@
+ID: BENCHMARK
+Children:
+   - APACHE2

data/lib/audit/checks/benchmark.group.full ADDED Viewed

@@ -0,0 +1,6 @@
+ID: BENCHMARK
+Children:
+   - APACHE2
+   - SSH
+   - LYNIS_AUTH
+   - VARIOUS

data/lib/audit/checks/benchmark.group.ssh ADDED Viewed

@@ -0,0 +1,3 @@
+ID: BENCHMARK
+Children:
+   - SSH

data/lib/audit/checks/benchmark.ssh.zip ADDED Viewed

Binary file

data/lib/audit/lib/audit.rb CHANGED Viewed

@@ -1,12 +1,12 @@
 require 'logger'
-require 'connection/connection_factory'
-require 'benchmark/benchmark_factory'
-require 'linear_script_generator'
-require 'parser/script_output_parser'
-require 'util/random_string'
-require 'benchmark/benchmark_result'
-require 'lazy'
+require 'audit/lib/connection/connection_factory'
+require 'audit/lib/benchmark/benchmark_factory'
+require 'audit/lib/linear_script_generator'
+require 'audit/lib/parser/script_output_parser'
+require 'audit/lib/util/random_string'
+require 'audit/lib/benchmark/benchmark_result'
+require 'audit/lib/lazy'
 class Audit
 	attr_reader :benchmark

data/lib/audit/lib/benchmark/audit_benchmark.rb CHANGED Viewed

@@ -1,6 +1,7 @@
-require 'benchmark/check'
-require 'benchmark/item_exception'
-require 'lazy'
+require 'audit/lib/benchmark/check'
+require 'audit/lib/benchmark/item_exception'
+require 'audit/lib/lazy'
 class AuditBenchmark
 	attr_reader :item_repository
@@ -162,4 +163,4 @@ class AuditBenchmark
       :children => Lazy.new(Lazy.new(@children, :reject) {|x| !x.in_report?}, :map) {|child| Lazy.new(child, :to_hash)}
     }
   end
-end
+end

data/lib/audit/lib/benchmark/benchmark_factory.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'benchmark/yaml_benchmark'
+require 'audit/lib/benchmark/yaml_benchmark'
 class BenchmarkFactory
 	def initialize(options)

data/lib/audit/lib/benchmark/check.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'lazy'
+require 'audit/lib/lazy'
 class Check
 	attr_reader :id 				# The ID by which this check is referenced from other elements
@@ -31,4 +31,4 @@ class Check
   def in_report?()
     return true
   end
-end
+end

data/lib/audit/lib/benchmark/group.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'lazy'
+require 'audit/lib/lazy'
 class Group
@@ -27,4 +27,4 @@ class Group
   def in_report?()
     true
   end
-end
+end

data/lib/audit/lib/benchmark/rule_result.rb CHANGED Viewed

@@ -1,5 +1,5 @@
-require 'benchmark/result_code'
-require 'lazy'
+require 'audit/lib/benchmark/result_code'
+require 'audit/lib/lazy'
 class RuleResult
   attr_reader :rule

data/lib/audit/lib/benchmark/yaml_benchmark.rb CHANGED Viewed

@@ -2,12 +2,11 @@ require 'yaml'
 require 'logger'
 require 'zip/zip'
-require 'benchmark/group'
-require 'benchmark/item_exception'
-require 'benchmark/check'
-require 'benchmark/audit_benchmark'
-require 'benchmark/automatic_dependencies'
+require 'audit/lib/benchmark/group'
+require 'audit/lib/benchmark/item_exception'
+require 'audit/lib/benchmark/check'
+require 'audit/lib/benchmark/audit_benchmark'
+require 'audit/lib/benchmark/automatic_dependencies'
 class YamlBenchmark < AuditBenchmark
@@ -130,4 +129,4 @@ class YamlBenchmark < AuditBenchmark
     raise ItemNotFoundException.new(id), "Item #{id} not found" if @item_repository[id].nil?
     return @item_repository[id]
   end
-end
+end

data/lib/audit/lib/connection/connection_factory.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'connection/ssh_connection'
+require 'audit/lib/connection/ssh_connection'
 class ConnectionFactory
@@ -24,4 +24,4 @@ class ConnectionFactory
 		end
 	end
 end

data/lib/audit/lib/connection/ssh_connection.rb CHANGED Viewed

@@ -26,7 +26,7 @@ class SshConnection
 		end
 		@@logger.info("opening ssh connection with parameters: " + @parameters.to_s)
 		parameters = @parameters.clone()
 		host = @parameters[:host]
 		user = @parameters[:user]

data/lib/audit/lib/parser/command/attach_file_command.rb CHANGED Viewed

@@ -1,7 +1,7 @@
-require 'parser/command/abstract_command_result'
-require 'parser/command/abstract_command'
-require 'parser/parse_exception'
-require 'parser/result_type'
+require 'audit/lib/parser/command/abstract_command_result'
+require 'audit/lib/parser/command/abstract_command'
+require 'audit/lib/parser/parse_exception'
+require 'audit/lib/parser/result_type'
 class AttachFileCommandResult < AbstractCommandResult
   attr_reader :file
@@ -60,4 +60,4 @@ class AttachFileCommand < AbstractCommand
   def result()
     return AttachFileCommandResult.new(@check, @severity, @message, @local_path)
   end
-end
+end

data/lib/audit/lib/parser/command/check_finished_command.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 # To change this template, choose Tools | Templates
 # and open the template in the editor.
-require 'parser/command/abstract_command_result'
-require 'parser/command/abstract_command'
-require 'parser/result_type'
+require 'audit/lib/parser/command/abstract_command_result'
+require 'audit/lib/parser/command/abstract_command'
+require 'audit/lib/parser/result_type'
 class CheckFinishedCommandResult < AbstractCommandResult
   attr_reader :exit_code

data/lib/audit/lib/parser/command/cpe_name_command.rb CHANGED Viewed

@@ -1,6 +1,6 @@
-require 'parser/command/abstract_command'
-require 'parser/command/abstract_command_result'
-require 'parser/result_type'
+require 'audit/lib/parser/command/abstract_command'
+require 'audit/lib/parser/command/abstract_command_result'
+require 'audit/lib/parser/result_type'
 class CpeNameCommandResult < AbstractCommandResult
   def initialize(check, severity, message, cpe_name)
@@ -34,4 +34,4 @@ class CpeNameCommand < AbstractCommand
   def result()
     return CpeNameCommandResult.new(@check, @severity, @message, @cpe_name)
   end
-end
+end

data/lib/audit/lib/parser/command/data_command.rb CHANGED Viewed

@@ -1,7 +1,7 @@
-require 'parser/command/abstract_command'
-require 'parser/command/abstract_command_result'
-require 'parser/result_type'
-require 'parser/parse_exception'
+require 'audit/lib/parser/command/abstract_command'
+require 'audit/lib/parser/command/abstract_command_result'
+require 'audit/lib/parser/result_type'
+require 'audit/lib/parser/parse_exception'
 class DataCommandResult < AbstractCommandResult
   attr_reader :key
@@ -40,4 +40,4 @@ class DataCommand < AbstractCommand
   def result()
     return DataCommandResult.new(@check, @severity, @key, @value)
   end
-end
+end

data/lib/audit/lib/parser/command/listening_port_command.rb CHANGED Viewed

@@ -1,8 +1,8 @@
 # To change this template, choose Tools | Templates
 # and open the template in the editor.
-require 'parser/command/abstract_command'
-require 'parser/command/abstract_command_result'
+require 'audit/lib/parser/command/abstract_command'
+require 'audit/lib/parser/command/abstract_command_result'
 class ListeningPortCommandResult < AbstractCommandResult

data/lib/audit/lib/parser/command/message_command.rb CHANGED Viewed

@@ -1,6 +1,6 @@
-require 'parser/command/abstract_command'
-require 'parser/command/abstract_command_result'
-require 'parser/result_type'
+require 'audit/lib/parser/command/abstract_command'
+require 'audit/lib/parser/command/abstract_command_result'
+require 'audit/lib/parser/result_type'
 class MessageCommandResult < AbstractCommandResult
   def initialize(check, severity, message)
@@ -18,4 +18,4 @@ class MessageCommand < AbstractCommand
   def result()
     return MessageCommandResult.new(@check, @severity, @message)
   end
-end
+end

data/lib/audit/lib/parser/command/program_name_command.rb CHANGED Viewed

@@ -1,6 +1,6 @@
-require 'parser/command/abstract_command'
-require 'parser/command/abstract_command_result'
-require 'parser/result_type'
+require 'audit/lib/parser/command/abstract_command'
+require 'audit/lib/parser/command/abstract_command_result'
+require 'audit/lib/parser/result_type'
 class ProgramNameCommandResult < AbstractCommandResult
   attr_reader :program_name
@@ -39,4 +39,4 @@ class ProgramNameCommand < AbstractCommand
   def result()
     return ProgramNameCommandResult.new(@check, @severity, @message, @name, @version)
   end
-end
+end

data/lib/audit/lib/parser/script_output_parser.rb CHANGED Viewed

@@ -1,16 +1,16 @@
 require 'logger'
-require 'parser/command/program_name_command'
-require 'parser/command/cpe_name_command'
-require 'parser/command/attach_file_command'
-require 'parser/command/message_command'
-require 'parser/command/check_finished_command'
-require 'parser/command/listening_port_command'
-require 'parser/command/data_command'
-require 'parser/parse_exception'
-require 'benchmark/rule_severity'
-require 'parser/stdout_line_buffer'
-require 'benchmark/rule_result'
+require 'audit/lib/parser/command/program_name_command'
+require 'audit/lib/parser/command/cpe_name_command'
+require 'audit/lib/parser/command/attach_file_command'
+require 'audit/lib/parser/command/message_command'
+require 'audit/lib/parser/command/check_finished_command'
+require 'audit/lib/parser/command/listening_port_command'
+require 'audit/lib/parser/command/data_command'
+require 'audit/lib/parser/parse_exception'
+require 'audit/lib/benchmark/rule_severity'
+require 'audit/lib/parser/stdout_line_buffer'
+require 'audit/lib/benchmark/rule_result'
 # This class parses the output generated by a sh script.
 # Each output line is expected to start with the marker LINE_START

data/lib/audit/lib/ssh_fingerprint.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 require 'rexml/document'
-require 'util/random_string'
+require 'audit/lib/util/random_string'
 require 'fileutils'
 require 'socket'
 require 'timeout'
@@ -217,4 +217,4 @@ module SSH_FINGERPRINT
 			:algorithms => get_algorithms(host, port),
 			:version1 => version1_supported?(host, port)}
 	end
-end
+end

data/lib/audit/lib/transformers/web_view_transformer.rb CHANGED Viewed

@@ -3,8 +3,8 @@
 # icons taken from http://www.famfamfam.com/lab/icons/silk/
-require 'benchmark/audit_benchmark'
-require 'parser/result_type'
+require 'audit/lib/benchmark/audit_benchmark'
+require 'audit/lib/parser/result_type'
 require 'logger'
 class WebViewTransformer

data/lib/help/state_transition_helper.rb CHANGED Viewed

@@ -96,6 +96,7 @@ module StateTransitionHelper
   # * ami_id => ID of the AMI to be launched
   # * key_name => name of the key to access the instance
   # * security_group_name => name of the security group to be used
+  # * type => type of instance to start
   # Returned information:
   # * instance_id => ID of the started instance
   # * dns_name => DNS name of the started instance
@@ -103,7 +104,7 @@ module StateTransitionHelper
   # * kernel_id => EC2 Kernel ID of the started instance
   # * ramdisk_id => EC2 Ramdisk ID of the started instance
   # * architecture => architecture (e.g. 386i, 64x) of the started instance
-  def launch_instance(ami_id, key_name, security_group_name, ec2_handler = nil)
+  def launch_instance(ami_id, key_name, security_group_name, ec2_handler = nil, type = nil)
     ec2_handler = ec2_handler() if ec2_handler == nil
     post_message("starting up instance to execute the script (AMI = #{ami_id}) ...")
     @logger.debug "start up AMI #{ami_id}"
@@ -114,6 +115,7 @@ module StateTransitionHelper
     if architecture != "i386"
       instance_type = "m1.large"
     end
+    instance_type = type if type != nil
     arch_log_msg = "Architecture of image #{ami_id} is #{architecture}. Use instance_type #{instance_type}."
     @logger.info arch_log_msg
     post_message(arch_log_msg)
@@ -150,6 +152,59 @@ module StateTransitionHelper
     return instance_id, dns_name, availability_zone, kernel_id, ramdisk_id, architecture
   end
+  # Start an instance
+  # Input Paramters:
+  # * instance_id => ID of the instance to start
+  # * timeout => a timeout for waiting instance to start to avoid infinite loop (default set to 4m)
+  # Return Parameters (Array):
+  # * instance_id
+  # * public_dns_name
+  def start_instance(instance_id, timeout = 240)
+    dns_name = ""
+    post_message("going to start instance '#{instance_id}'...")
+    res = ec2_handler().describe_instances(:instance_id => instance_id)
+    state = res['reservationSet']['item'][0]['instancesSet']['item'][0]['instanceState']
+    if state['code'].to_i == 16
+      dns_name = res['reservationSet']['item'][0]['instancesSet']['item'][0]['dnsName']
+      msg = "instance '#{instance_id}' already started"
+      @logger.warn "#{msg}"
+      post_message("#{msg}")
+      done = true
+    else
+      @logger.debug "start instance #{instance_id}"
+      ec2_handler().start_instances(:instance_id => instance_id)
+    end
+      while timeout > 0 && !done
+      res = ec2_handler().describe_instances(:instance_id => instance_id)
+      state = res['reservationSet']['item'][0]['instancesSet']['item'][0]['instanceState']
+      @logger.debug "instance in state '#{state['name']}' (#{state['code']})"
+      if state['code'].to_i == 16
+        done = true
+        timeout = 0
+        dns_name = res['reservationSet']['item'][0]['instancesSet']['item'][0]['dnsName']
+      elsif state['code'].to_i != 0
+        done = false
+        timeout = 0
+        msg = "instance in state '#{state['name']}'"
+        @logger.error "#{msg}"
+        post_message("#{msg}")
+      end
+      sleep(5)
+      timeout -= 5
+    end
+    msg = ""
+    if !done
+      msg = "Failed to start instance '#{instance_id}"
+      @logger.error "#{msg}"
+      raise Exception.new("Unable to start instance '#{instance_id}'}")
+    else
+      msg = "'#{instance_id}' successfully started"
+      @logger.info "#{msg}"
+    end
+    post_message("#{msg}")
+    return instance_id, dns_name
+  end
   # Shuts down an instance.
   # Input Parameters:
   # * instance_id => ID of the instance to be shut down
@@ -270,11 +325,12 @@ module StateTransitionHelper
     msg = ""
     if !done
       msg = "Failed to attach volume '#{volume_id}' to instance '#{instance_id}"
+      @logger.error "#{msg}"
       raise Exception.new("volume #{mount_point} not attached")
     else
       msg = "volume #{volume_id} successfully attached"
+      @logger.info "#{msg}"
     end
-    @logger.error "#{msg}"
     post_message("#{msg}")
   end
@@ -304,11 +360,12 @@ module StateTransitionHelper
     msg = ""
     if !done
       msg = "Failed to detach volume '#{volume_id}' from instance '#{instance_id}"
+      @logger.error "#{msg}"
       raise Exception.new("volume #{mount_point} not detached")
     else
       msg = "volume #{volume_id} successfully detached"
+      @logger.info "#{msg}"
     end
-    @logger.error "#{msg}"
     post_message("#{msg}")
   end

data/lib/scripts/ec2/audit_via_ssh.rb ADDED Viewed

@@ -0,0 +1,150 @@
+require "help/script_execution_state"
+require "scripts/ec2/ec2_script"
+require "help/remote_command_handler"
+require "help/ec2_helper"
+require "audit/lib/audit"
+require "AWS"
+require 'pp'
+# Audit an AMI or an instance via an SSH connection using a specific benchmark
+#
+class AuditViaSsh < Ec2Script
+  # Input parameters
+  # * ec2_api_handler => object that allows to access the EC2 API
+  # * ami_id => the ID of the AMI to be copied in another region
+  # * ssh_username => The username for ssh for source-instance (default = root)
+  # * key_name => Key name of the instance that manages the snaphot-volume in the source region
+  # * ssh_key_data => Key information for the security group that starts the AMI [if not set, use ssh_key_files]
+  def initialize(input_params)
+    super(input_params)
+  end
+  def check_input_parameters()
+    if @input_params[:ami_id] == nil && @input_params[:instance_id] == nil
+      raise Exception.new("No Instance ID or AMI ID specified")
+    end
+    if @input_params[:ami_id] != nil && !(@input_params[:ami_id] =~ /^ami-.*$/)
+      raise Exception.new("Invalid AMI ID specified")
+    end
+    if @input_params[:instance_id] != nil && !(@input_params[:instance_id] =~ /^i-.*$/)
+      raise Exception.new("Invalid Instance ID specified")
+    end
+    if @input_params[:sec_grp_name] == nil
+      @input_params[:sec_grp_name] = "default"
+    end
+    if @input_params[:audit_type] != nil && @input_params[:audit_type].casecmp("SSH")
+      @input_params[:benchmark_file] = "./lib/audit/benchmark_ssh.zip"
+    elsif @input_params[:audit_type] != nil && @input_params[:audit_type].casecmp("APACHE")
+      @input_params[:benchmark_file] = "./lib/audit/benchmark_apache.zip"
+    else
+      raise Exception.new("Invalid Audit '#{@input_params[:audit_type]}' specified")
+    end
+    ec2_helper = Ec2Helper.new(@input_params[:ec2_api_handler])
+    if !ec2_helper.check_open_port(@input_params[:sec_grp_name], 22)
+      raise Exception.new("Port 22 must be opened for security group 'default' to connect via SSH")
+    end
+  end
+  def load_initial_state()
+    AuditViaSshState.load_state(@input_params)
+  end
+  private
+  # Here begins the state machine implementation
+  class AuditViaSshState < ScriptExecutionState
+    def self.load_state(context)
+      state = context[:initial_state] == nil ? InitialState.new(context) : context[:initial_state]
+      state
+    end
+  end
+  # Start an instance and wait for it to be UP and running
+  # Create a temporary directory
+  class InitialState < AuditViaSshState
+    def enter
+      instances_info = []
+      tmp_dir = ""
+      if @context[:ami_id] != nil
+        instance_infos = launch_instance(@context[:ami_id], @context[:ssh_key_name], @context[:sec_grp_name], nil, "t1.micro")
+        tmp_dir = "/tmp/#{@context[:ami_id]}-#{Time.now().to_i}"
+      elsif @context[:instance_id] != nil
+        instance_infos = start_instance(@context[:instance_id])
+        tmp_dir = "/tmp/#{@context[:instance_id]}-#{Time.now().to_i}"
+      else
+        raise Exception.new("No Instance ID or AMI ID specified (should have been catched earlier)")
+      end
+      @context[:instance_id] = instance_infos[0]
+      @context[:public_dns_name] = instance_infos[1]
+      @context[:tmp_dir] = tmp_dir
+      #puts "DEBUG: Audit Scripts"
+      #pp @context
+      Dir::mkdir(tmp_dir)
+      if FileTest::directory?(tmp_dir)
+        post_message("local temporary directory created")
+      end
+      LaunchAuditViaSsh.new(@context)
+    end
+  end
+  # Launch the audit via SSH
+  class LaunchAuditViaSsh < AuditViaSshState
+    def enter
+      audit = Audit.new(:benchmark => @context[:benchmark_file], :attachment_dir => @context[:tmp_dir],
+                        :connection_type => :ssh,
+                        :connection_params => {:user => @context[:ssh_user],
+                                               :keys => @context[:ssh_key_file],
+                                               :host => @context[:public_dns_name],
+                                               :paranoid => false},
+                                               :logger => nil)
+      audit.start(false)
+      @context[:result][:audit_test] = []
+      audit.results.each() {|key, value|
+        if key =~ /^SSH_.*$/ || key =~ /^APACHE2_.*$/
+          #puts "DEBUG: Key: #{key}, Result: #{value.result}, Desc: #{value.rule.description}"
+          @context[:result][:audit_test] << {:name => key, :desc => value.rule.description, :status => value.result}
+          post_message("== > Test #{key}: Status: #{value.result.eql?("pass") ? "OK" : "NOK"}\n  Desc: #{value.rule.description}")
+        end
+      }
+      CleanUpAuditViaSsh.new(@context)
+    end
+  end
+  # Terminate an instance
+  class CleanUpAuditViaSsh < AuditViaSshState
+    def enter
+      if @context[:ami_id] != nil
+        shut_down_instance(@context[:instance_id])
+      elsif @context[:instance_id] != nil
+        #TODO: stop the instance only if you have started it
+        #stop_instance(@context[:instance_id])
+      else
+        raise Exception.new("No Instance ID or AMI ID specified (should have been catched earlier)")
+      end
+      AnalyseAuditViaSsh.new(@context)
+    end
+  end
+  # Analyse audit via SSH results
+  class AnalyseAuditViaSsh < AuditViaSshState
+    def enter
+      Done.new(@context)
+    end
+  end
+  # Script done.
+  class Done < AuditViaSshState
+    def done?
+      true
+    end
+  end
+end

data/lib/scripts/ec2/ec2_script.rb CHANGED Viewed

@@ -12,7 +12,7 @@ class Ec2Script
     @progress_message_listeners = []
     if input_params[:logger] == nil
       @logger = Logger.new(STDOUT)
-      @logger .level = Logger::WARN
+      @logger.level = Logger::WARN
       input_params[:logger] = @logger
     else
       @logger = input_params[:logger]

metadata CHANGED Viewed

@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: CloudyScripts
 version: !ruby/object:Gem::Version
+  hash: 13
   prerelease: false
   segments:
   - 1
-  - 7
-  - 27
-  version: 1.7.27
+  - 8
+  - 29
+  version: 1.8.29
 platform: ruby
 authors:
 - Matthias Jung
@@ -14,16 +15,18 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-07-04 00:00:00 +02:00
+date: 2011-07-07 00:00:00 +00:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
   name: amazon-ec2
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
+        hash: 3
         segments:
         - 0
         version: "0"
@@ -33,9 +36,11 @@ dependencies:
   name: net-ssh
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
+        hash: 3
         segments:
         - 0
         version: "0"
@@ -45,9 +50,11 @@ dependencies:
   name: net-scp
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
+        hash: 3
         segments:
         - 0
         version: "0"
@@ -66,191 +73,199 @@ files:
 - LICENSE
 - README.rdoc
 - Rakefile
-- lib/audit/checks/APACHE2.group
-- lib/audit/checks/APACHE2_CONFIG_01.check
-- lib/audit/checks/APACHE2_CONFIG_02.check
-- lib/audit/checks/APACHE2_CONFIG_03.check
 - lib/audit/checks/APACHE2_CONFIG_04.check
-- lib/audit/checks/APACHE2_CONFIG_05.check
-- lib/audit/checks/APACHE2_CONFIG_06.check
-- lib/audit/checks/APACHE2_INIT_1.check
-- lib/audit/checks/APACHE2_INIT_2.check
-- lib/audit/checks/APACHE2_INIT_3.check
-- lib/audit/checks/APACHE2_USER_7.check
-- lib/audit/checks/BACKUP_HOME_DOTFILES.check
+- lib/audit/checks/LYNIS_AUTH.group
+- lib/audit/checks/LOGGED_USERS.check
+- lib/audit/checks/HAS_FILE_DOWNLOADER.check
+- lib/audit/checks/MYSQL_HISTORY_1.check
+- lib/audit/checks/DISTRIBUTION_FACTS.check
+- lib/audit/checks/HAS_ID.check
+- lib/audit/checks/MAYBE_HAS_TAR.check
+- lib/audit/checks/FIND_SHADOW_FILE.check
+- lib/audit/checks/HAS_UNAME.check
+- lib/audit/checks/HAS_LSB_RELEASE.check
+- lib/audit/checks/MYSQL_INIT_3.check
+- lib/audit/checks/VARIOUS.group
 - lib/audit/checks/BACKUP_LOG.check
-- lib/audit/checks/BACKUP_MAIL.check
-- lib/audit/checks/BACKUP_WEB.check
+- lib/audit/checks/PLATFORM_FACTS.check
+- lib/audit/checks/script_header.template
+- lib/audit/checks/SSH_CONFIG_03.check
+- lib/audit/checks/benchmark.group.ssh
 - lib/audit/checks/benchmark.group
-- lib/audit/checks/CONFIGURATION_BACKUP.check
-- lib/audit/checks/DIRECTORY_LISTING.check
-- lib/audit/checks/DISTRIBUTION_FACTS.check
-- lib/audit/checks/DMESG_OUTPUT.check
-- lib/audit/checks/FIND_GROUP_FILE.check
+- lib/audit/checks/LYNIS_AUTH_9208.check
+- lib/audit/checks/SSH_CONFIG_10.check
 - lib/audit/checks/FIND_PASSWD_FILE.check
-- lib/audit/checks/FIND_SHADOW_FILE.check
-- lib/audit/checks/FIND_SUDOERS_FILE.check
-- lib/audit/checks/footer.template
-- lib/audit/checks/FREE_SPACE.check
-- lib/audit/checks/HAS_AWK.check
-- lib/audit/checks/HAS_BASE.check
+- lib/audit/checks/LYNIS_AUTH_9204.check
+- lib/audit/checks/SSH_CONFIG_09.check
+- lib/audit/checks/MYSQL_INIT_2.check
+- lib/audit/checks/HAS_GROUPS.check
+- lib/audit/checks/LOADED_MODULES.check
 - lib/audit/checks/HAS_CAT.check
-- lib/audit/checks/HAS_COMPRESSOR.check
-- lib/audit/checks/HAS_CUT.check
+- lib/audit/checks/HAS_SUPERUSER.check
+- lib/audit/checks/SLOW.group
+- lib/audit/checks/SSH_CONFIG_04.check
+- lib/audit/checks/benchmark.group.full
+- lib/audit/checks/LYNIS_AUTH_9226.check
+- lib/audit/checks/APACHE2_CONFIG_01.check
+- lib/audit/checks/MAYBE_HAS_UNAME.check
 - lib/audit/checks/HAS_DF.check
-- lib/audit/checks/HAS_DPKG.check
-- lib/audit/checks/HAS_FILE_DOWNLOADER.check
+- lib/audit/checks/HAS_UNIQ.check
+- lib/audit/checks/APACHE2_INIT_1.check
+- lib/audit/checks/APACHE2_INIT_2.check
+- lib/audit/checks/USERS_INIT_2.check
+- lib/audit/checks/PORTS_OPEN_NETSTAT.check
+- lib/audit/checks/LIST_ROUTES.check
+- lib/audit/checks/SSH_CONFIG_06.check
+- lib/audit/checks/SSH_INIT_1.check
+- lib/audit/checks/SLOW_1.check
+- lib/audit/checks/MAYBE_HAS_LSB_RELEASE.check
+- lib/audit/checks/APACHE2_CONFIG_05.check
 - lib/audit/checks/HAS_FIND.check
-- lib/audit/checks/HAS_GREP.check
-- lib/audit/checks/HAS_GROUPCHECK.check
-- lib/audit/checks/HAS_GROUPS.check
-- lib/audit/checks/HAS_HOSTNAME.check
-- lib/audit/checks/HAS_ID.check
-- lib/audit/checks/HAS_LSB_RELEASE.check
-- lib/audit/checks/HAS_MOUNT.check
+- lib/audit/checks/LASTLOG.check
+- lib/audit/checks/HAS_WHO.check
+- lib/audit/checks/USERS_INIT_5.check
+- lib/audit/checks/HAS_TAIL.check
+- lib/audit/checks/header.template
 - lib/audit/checks/HAS_NETSTAT.check
-- lib/audit/checks/HAS_PASSWD_CHECK.check
-- lib/audit/checks/HAS_PS.check
+- lib/audit/checks/VAR_LIST_HOME_DIRECTORIES.check
 - lib/audit/checks/HAS_ROUTE.check
-- lib/audit/checks/HAS_SH.check
+- lib/audit/checks/PASSWORD_INFORMATION.check
+- lib/audit/checks/FIND_SUDOERS_FILE.check
+- lib/audit/checks/APACHE2_CONFIG_06.check
+- lib/audit/checks/USERS_INIT_1.check
+- lib/audit/checks/LYNIS_AUTH_9222.check
+- lib/audit/checks/BACKUP_MAIL.check
+- lib/audit/checks/BACKUP_WEB.check
+- lib/audit/checks/HAS_COMPRESSOR.check
+- lib/audit/checks/HAS_TAR.check
+- lib/audit/checks/benchmark.ssh.zip
+- lib/audit/checks/HAS_CUT.check
+- lib/audit/checks/SLOW_3.check
+- lib/audit/checks/APACHE2_INIT_3.check
+- lib/audit/checks/SSH_INIT_2.check
+- lib/audit/checks/SSH_CONFIG_01.check
+- lib/audit/checks/benchmark.group.apache
+- lib/audit/checks/HAS_PASSWD_CHECK.check
+- lib/audit/checks/USER_INFORMATION.check
+- lib/audit/checks/SSH_CONFIG_11.check
+- lib/audit/checks/HAS_DPKG.check
 - lib/audit/checks/HAS_SORT.check
+- lib/audit/checks/MAYBE_HAS_WGET.check
+- lib/audit/checks/APACHE2.group
+- lib/audit/checks/APACHE2_USER_7.check
+- lib/audit/checks/SSH_CONFIG_08.check
+- lib/audit/checks/SSH_CONFIG_07.check
+- lib/audit/checks/SSH_CONFIG_02.check
+- lib/audit/checks/LYNIS_AUTH_9228.check
+- lib/audit/checks/FIND_GROUP_FILE.check
+- lib/audit/checks/USERS_INIT_3.check
+- lib/audit/checks/HAS_YUM.check
+- lib/audit/checks/MAYBE_HAS_ID.check
+- lib/audit/checks/SLOW_2.check
+- lib/audit/checks/HAS_MOUNT.check
+- lib/audit/checks/HAS_AWK.check
+- lib/audit/checks/MOUNTED_DEVICES.check
+- lib/audit/checks/MAYBE_HAS_HOSTNAME.check
+- lib/audit/checks/SSH_CONFIG_05.check
+- lib/audit/checks/HAS_BASE.check
+- lib/audit/checks/HAS_GREP.check
+- lib/audit/checks/SSH_KEYS_1.check
+- lib/audit/checks/MAYBE_HAS_DU.check
+- lib/audit/checks/PACKAGES_INSTALLED_YUM.check
 - lib/audit/checks/HAS_STAT.check
-- lib/audit/checks/HAS_SUPERUSER.check
-- lib/audit/checks/HAS_TAIL.check
-- lib/audit/checks/HAS_TAR.check
 - lib/audit/checks/HAS_TR.check
-- lib/audit/checks/HAS_UNAME.check
-- lib/audit/checks/HAS_UNIQ.check
-- lib/audit/checks/HAS_WC.check
-- lib/audit/checks/HAS_WHO.check
-- lib/audit/checks/HAS_YUM.check
-- lib/audit/checks/header.template
-- lib/audit/checks/helpers/head.sh
-- lib/audit/checks/LASTLOG.check
-- lib/audit/checks/LIST_ROUTES.check
-- lib/audit/checks/LIST_USER_ACCOUNTS.check
-- lib/audit/checks/LOADED_MODULES.check
-- lib/audit/checks/LOCAL_NMAP.check
-- lib/audit/checks/LOGGED_USERS.check
-- lib/audit/checks/LYNIS_AUTH.group
-- lib/audit/checks/LYNIS_AUTH_9204.check
-- lib/audit/checks/LYNIS_AUTH_9208.check
-- lib/audit/checks/LYNIS_AUTH_9216.check
-- lib/audit/checks/LYNIS_AUTH_9222.check
-- lib/audit/checks/LYNIS_AUTH_9226.check
-- lib/audit/checks/LYNIS_AUTH_9228.check
+- lib/audit/checks/HAS_PS.check
 - lib/audit/checks/LYNIS_AUTH_9252.check
-- lib/audit/checks/MAYBE_HAS_BZIP2.check
-- lib/audit/checks/MAYBE_HAS_CURL.check
-- lib/audit/checks/MAYBE_HAS_DU.check
-- lib/audit/checks/MAYBE_HAS_HOSTNAME.check
-- lib/audit/checks/MAYBE_HAS_ID.check
-- lib/audit/checks/MAYBE_HAS_LSB_RELEASE.check
+- lib/audit/checks/CONFIGURATION_BACKUP.check
+- lib/audit/checks/HAS_SH.check
+- lib/audit/checks/HAS_GROUPCHECK.check
+- lib/audit/checks/LOCAL_NMAP.check
+- lib/audit/checks/APACHE2_CONFIG_02.check
+- lib/audit/checks/footer.template
+- lib/audit/checks/DIRECTORY_LISTING.check
+- lib/audit/checks/FREE_SPACE.check
+- lib/audit/checks/LIST_USER_ACCOUNTS.check
+- lib/audit/checks/APACHE2_CONFIG_03.check
 - lib/audit/checks/MAYBE_HAS_SUPERUSER.check
-- lib/audit/checks/MAYBE_HAS_TAR.check
-- lib/audit/checks/MAYBE_HAS_UNAME.check
-- lib/audit/checks/MAYBE_HAS_WGET.check
-- lib/audit/checks/MOUNTED_DEVICES.check
-- lib/audit/checks/MYSQL_HISTORY_1.check
+- lib/audit/checks/MAYBE_HAS_CURL.check
+- lib/audit/checks/DMESG_OUTPUT.check
+- lib/audit/checks/HAS_WC.check
 - lib/audit/checks/MYSQL_INIT_1.check
-- lib/audit/checks/MYSQL_INIT_2.check
-- lib/audit/checks/MYSQL_INIT_3.check
-- lib/audit/checks/PACKAGES_INSTALLED_DPKG.check
-- lib/audit/checks/PACKAGES_INSTALLED_YUM.check
-- lib/audit/checks/PASSWORD_INFORMATION.check
-- lib/audit/checks/PLATFORM_FACTS.check
-- lib/audit/checks/PORTS_OPEN_NETSTAT.check
 - lib/audit/checks/PROCESS_LIST.check
-- lib/audit/checks/script_header.template
-- lib/audit/checks/SLOW.group
-- lib/audit/checks/SLOW_1.check
-- lib/audit/checks/SLOW_2.check
-- lib/audit/checks/SLOW_3.check
-- lib/audit/checks/SSH.group
-- lib/audit/checks/SSH_CONFIG_01.check
-- lib/audit/checks/SSH_CONFIG_02.check
-- lib/audit/checks/SSH_CONFIG_03.check
-- lib/audit/checks/SSH_CONFIG_04.check
-- lib/audit/checks/SSH_CONFIG_05.check
-- lib/audit/checks/SSH_CONFIG_06.check
-- lib/audit/checks/SSH_CONFIG_07.check
-- lib/audit/checks/SSH_CONFIG_08.check
-- lib/audit/checks/SSH_CONFIG_09.check
-- lib/audit/checks/SSH_CONFIG_10.check
-- lib/audit/checks/SSH_CONFIG_11.check
-- lib/audit/checks/SSH_INIT_1.check
-- lib/audit/checks/SSH_INIT_2.check
-- lib/audit/checks/SSH_KEYS_1.check
-- lib/audit/checks/USER_INFORMATION.check
-- lib/audit/checks/USERS_INIT_1.check
-- lib/audit/checks/USERS_INIT_2.check
-- lib/audit/checks/USERS_INIT_3.check
+- lib/audit/checks/helpers/head.sh
 - lib/audit/checks/USERS_INIT_4.check
-- lib/audit/checks/USERS_INIT_5.check
-- lib/audit/checks/VAR_LIST_HOME_DIRECTORIES.check
-- lib/audit/checks/VARIOUS.group
-- lib/audit/create_benchmark.sh
-- lib/audit/lib/audit.rb
+- lib/audit/checks/BACKUP_HOME_DOTFILES.check
+- lib/audit/checks/PACKAGES_INSTALLED_DPKG.check
+- lib/audit/checks/HAS_HOSTNAME.check
+- lib/audit/checks/MAYBE_HAS_BZIP2.check
+- lib/audit/checks/SSH.group
+- lib/audit/checks/LYNIS_AUTH_9216.check
+- lib/audit/benchmark_apache.zip
+- lib/audit/lib/ssh_utils.rb
+- lib/audit/lib/http_fingerprint.rb
+- lib/audit/lib/ssh_fingerprint2.rb
+- lib/audit/lib/nessus_utils.rb
+- lib/audit/lib/my_option_parser.rb
+- lib/audit/lib/util/random_string.rb
+- lib/audit/lib/main.rb
 - lib/audit/lib/audit_facade.rb
+- lib/audit/lib/benchmark/check.rb
+- lib/audit/lib/benchmark/rule_result.rb
+- lib/audit/lib/benchmark/rule_severity.rb
+- lib/audit/lib/benchmark/item_exception.rb
+- lib/audit/lib/benchmark/result_code.rb
 - lib/audit/lib/benchmark/audit_benchmark.rb
-- lib/audit/lib/benchmark/automatic_dependencies.rb
+- lib/audit/lib/benchmark/yaml_benchmark.rb
 - lib/audit/lib/benchmark/benchmark_factory.rb
 - lib/audit/lib/benchmark/benchmark_result.rb
-- lib/audit/lib/benchmark/check.rb
+- lib/audit/lib/benchmark/automatic_dependencies.rb
 - lib/audit/lib/benchmark/group.rb
-- lib/audit/lib/benchmark/item_exception.rb
-- lib/audit/lib/benchmark/result_code.rb
-- lib/audit/lib/benchmark/rule_result.rb
 - lib/audit/lib/benchmark/rule_role.rb
-- lib/audit/lib/benchmark/rule_severity.rb
-- lib/audit/lib/benchmark/yaml_benchmark.rb
-- lib/audit/lib/connection/ami_connection.rb
-- lib/audit/lib/connection/connection_factory.rb
-- lib/audit/lib/connection/ssh_connection.rb
-- lib/audit/lib/ec2_utils.rb
-- lib/audit/lib/http_fingerprint.rb
-- lib/audit/lib/lazy.rb
-- lib/audit/lib/linear_script_generator.rb
-- lib/audit/lib/main.rb
-- lib/audit/lib/my_option_parser.rb
+- lib/audit/lib/transformers/web_view_transformer.rb
+- lib/audit/lib/transformers/yaml_transformer.rb
+- lib/audit/lib/audit.rb
 - lib/audit/lib/nessus_new.rb
-- lib/audit/lib/nessus_utils.rb
-- lib/audit/lib/parser/command/abstract_command.rb
-- lib/audit/lib/parser/command/abstract_command_result.rb
-- lib/audit/lib/parser/command/attach_file_command.rb
-- lib/audit/lib/parser/command/check_finished_command.rb
-- lib/audit/lib/parser/command/cpe_name_command.rb
-- lib/audit/lib/parser/command/data_command.rb
+- lib/audit/lib/linear_script_generator.rb
+- lib/audit/lib/parser/result_type.rb
+- lib/audit/lib/parser/parse_exception.rb
+- lib/audit/lib/parser/stdout_line_buffer.rb
+- lib/audit/lib/parser/script_output_parser.rb
 - lib/audit/lib/parser/command/listening_port_command.rb
+- lib/audit/lib/parser/command/check_finished_command.rb
 - lib/audit/lib/parser/command/message_command.rb
+- lib/audit/lib/parser/command/data_command.rb
+- lib/audit/lib/parser/command/cpe_name_command.rb
+- lib/audit/lib/parser/command/attach_file_command.rb
+- lib/audit/lib/parser/command/abstract_command_result.rb
 - lib/audit/lib/parser/command/program_name_command.rb
-- lib/audit/lib/parser/parse_exception.rb
-- lib/audit/lib/parser/result_type.rb
-- lib/audit/lib/parser/script_output_parser.rb
-- lib/audit/lib/parser/stdout_line_buffer.rb
+- lib/audit/lib/parser/command/abstract_command.rb
 - lib/audit/lib/ssh_fingerprint.rb
-- lib/audit/lib/ssh_fingerprint2.rb
-- lib/audit/lib/ssh_utils.rb
-- lib/audit/lib/transformers/web_view_transformer.rb
-- lib/audit/lib/transformers/yaml_transformer.rb
-- lib/audit/lib/util/random_string.rb
+- lib/audit/lib/ec2_utils.rb
+- lib/audit/lib/lazy.rb
+- lib/audit/lib/connection/ami_connection.rb
+- lib/audit/lib/connection/ssh_connection.rb
+- lib/audit/lib/connection/connection_factory.rb
 - lib/audit/lib/version.rb
-- lib/cloudyscripts.rb
-- lib/help/dm_crypt_helper.rb
-- lib/help/ec2_helper.rb
-- lib/help/progress_message_listener.rb
-- lib/help/remote_command_handler.rb
-- lib/help/script_execution_state.rb
-- lib/help/state_change_listener.rb
-- lib/help/state_transition_helper.rb
+- lib/audit/create_benchmark.sh
+- lib/audit/benchmark_full.zip
+- lib/audit/benchmark_ssh.zip
+- lib/scripts/ec2/port_range_detector.rb
+- lib/scripts/ec2/dm_encrypt.rb
 - lib/scripts/ec2/ami2_ebs_conversion.rb
+- lib/scripts/ec2/audit_via_ssh.rb
+- lib/scripts/ec2/open_port_checker.rb
 - lib/scripts/ec2/copy_ami.rb
 - lib/scripts/ec2/copy_snapshot.rb
-- lib/scripts/ec2/dm_encrypt.rb
-- lib/scripts/ec2/download_snapshot.rb
 - lib/scripts/ec2/ec2_script.rb
-- lib/scripts/ec2/open_port_checker.rb
-- lib/scripts/ec2/port_range_detector.rb
+- lib/scripts/ec2/download_snapshot.rb
+- lib/help/ec2_helper.rb
+- lib/help/dm_crypt_helper.rb
+- lib/help/state_transition_helper.rb
+- lib/help/script_execution_state.rb
+- lib/help/progress_message_listener.rb
+- lib/help/remote_command_handler.rb
+- lib/help/state_change_listener.rb
+- lib/cloudyscripts.rb
 has_rdoc: true
 homepage: http://elastic-security.com
 licenses: []
@@ -261,23 +276,27 @@ rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
+      hash: 3
       segments:
       - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
+      hash: 3
       segments:
       - 0
       version: "0"
 requirements: []
 rubyforge_project: cloudyscripts
-rubygems_version: 1.3.6
+rubygems_version: 1.3.7
 signing_key:
 specification_version: 3
 summary: Scripts to facilitate programming for infrastructure clouds.